
Thread: Vurtomonde

  1. #1
    Junior Member (Join Date: Nov 2007, Posts: 13)

    Vurtomonde

    Hello. I have been having virus problems. Spybot always finds a Vurtomonde virus and I try to delete it, but it keeps coming back. At first I received dialog boxes saying I needed to purchase software to remove the virus. I finally got that to stop, but a virus is still there. I tried running VundoFix, but it does not find anything. I also tried running ComboFix, which I thought worked, but when I rebooted, the virus was still there. This is my last resort before reformatting. Thanks a lot for the help. The Kaspersky scan was too long, so here is the HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:22:34 AM, on 11/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: (no name) - {2531C5D9-5C55-4ADE-8278-866154C69317} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {D86BE440-E803-42E1-81AA-6776DC1C4BBD} - (no file)
    O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\tuvvwww.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1632] command /c del "C:\WINDOWS\system32\ygnsmqal.dll_old"
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: tuvvwww - C:\WINDOWS\SYSTEM32\tuvvwww.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12293 bytes
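Added example, not code from the thread, Safer Networking or Trend Micro: a small Python triage pass over lines in the HijackThis format posted above, which parses the O2, O4, O20 and O23 layouts, extracts the file path, and flags what a helper checks first (a core system binary name outside System32, an executable launched from the Fonts directory, an unnamed BHO that still has a file on disk, and one DLL registered both as a BHO and as a Winlogon Notify handler). The sample lines are constructed to mirror entries in the log above, and `parse_line`, `check_entry` and `triage` are this example's own names.

```python
"""Triage heuristics for HijackThis v2 log lines (example code written for this page)."""
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample lines in HijackThis v2 format, modelled on the log posted above.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx
O2 - BHO: (no name) - {2531C5D9-5C55-4ADE-8278-866154C69317} - (no file)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\\WINDOWS\\system32\\tuvvwww.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [ShStatEXE] "C:\\Program Files\\McAfee\\VirusScan Enterprise\\SHSTAT.EXE" /STANDALONE
O4 - HKLM\\..\\Run: [Host Process] C:\\WINDOWS\\Fonts\\svchost.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - Winlogon Notify: tuvvwww - C:\\WINDOWS\\SYSTEM32\\tuvvwww.dll
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\\Program Files\\McAfee\\VirusScan Enterprise\\mcshield.exe
"""

# One regex per HijackThis section handled here; 'target' is the command/path part.
LINE_PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>.*?): \[(?P<label>.*?)\] (?P<target>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$"),
}
# First absolute path to a module in a command line. HijackThis writes unquoted
# paths containing spaces, so match lazily up to a known extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)", re.IGNORECASE)

SYSTEM32 = "c:\\windows\\system32"
# Core Windows binaries whose names only belong in System32.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "winlogon.exe", "lsass.exe", "smss.exe", "services.exe"}
# Directories that never legitimately hold autostart executables.
NO_EXEC_DIRS = ("c:\\windows\\fonts", "c:\\windows\\temp")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one log line into its fields plus the extracted file path ('' if none)."""
    line = line.strip()
    code = line.split(" ", 1)[0]
    pattern = LINE_PATTERNS.get(code)
    match = pattern.match(line) if pattern else None
    if match is None:
        return None
    entry = {"code": code, "line": line, **match.groupdict()}
    found = PATH_RE.search(entry["target"])
    entry["path"] = found.group(0) if found else ""
    return entry


def check_entry(entry: Dict[str, str]) -> List[str]:
    """Per-line heuristics; each string is one reason the line deserves a closer look."""
    reasons: List[str] = []
    path = entry["path"].lower()
    if path:
        directory, _, basename = path.rpartition("\\")
        if basename in SYSTEM_BINARIES and directory != SYSTEM32:
            reasons.append(f"system binary name '{basename}' outside System32")
        if directory.startswith(NO_EXEC_DIRS):
            reasons.append(f"executable loaded from '{directory}'")
    if entry["code"] == "O2" and entry["name"] == "(no name)" and path:
        reasons.append("unnamed BHO with a file on disk")
    if entry["code"] == "O20":
        reasons.append("Winlogon Notify DLL (loaded into winlogon.exe)")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse every recognised line and return the flagged ones, most reasons first."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    # Cross-reference: which sections register each module (keyed by basename).
    sections_by_file = defaultdict(set)
    for e in entries:
        if e["path"]:
            sections_by_file[e["path"].lower().rpartition("\\")[2]].add(e["code"])
    findings = []
    for e in entries:
        reasons = check_entry(e)
        basename = e["path"].lower().rpartition("\\")[2]
        # One DLL hooked both as a BHO and as a Winlogon Notify handler, the
        # pairing visible in the log above.
        if e["path"] and {"O2", "O20"} <= sections_by_file[basename]:
            reasons.append("same module registered as BHO and as Winlogon Notify handler")
        if reasons:
            findings.append({"line": e["line"], "path": e["path"], "reasons": reasons})
    findings.sort(key=lambda f: -len(f["reasons"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    ->", reason)
```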

  2. #2
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Hello njansse2

    Welcome to Safer Networking.

    Please read Before You Post
    That said, all advice given by anyone volunteering here is taken at your own risk.
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    This is important, do this and post a new HijackThis log:
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <-- Right click on HijackThis.exe (looks like a man with a spyglass) and rename it to Scanner.exe
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member (Join Date: Nov 2007, Posts: 13)

    Thanks for the help Ken545

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:40:37 PM, on 11/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: (no name) - {2531C5D9-5C55-4ADE-8278-866154C69317} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: (no name) - {D86BE440-E803-42E1-81AA-6776DC1C4BBD} - (no file)
    O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\tuvvwww.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1632] command /c del "C:\WINDOWS\system32\ygnsmqal.dll_old"
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: tuvvwww - C:\WINDOWS\SYSTEM32\tuvvwww.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11984 bytes

  4. #4
    Junior Member (Join Date: Nov 2007, Posts: 13)

    ComboFix 07-11-19.3 - Nick Janssen 2007-11-24 16:35:41.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1397 [GMT -6:00]
    Running from: C:\Documents and Settings\Nick Janssen\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
    .

    2007-11-24 03:21 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-23 23:33 <DIR> d-------- C:\WINDOWS\LastGood
    2007-11-23 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-23 01:32 <DIR> d-------- C:\VundoFix Backups
    2007-11-23 00:45 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-11-22 23:13 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-11-21 21:55 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-19 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-19 17:39 <DIR> d-------- C:\Program Files\Alwil Software
    2007-11-19 15:53 1,792,140 ---hs---- C:\WINDOWS\system32\mygmhoxd.ini
    2007-11-18 21:22 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2007-11-18 15:56 446,432 --ahs---- C:\WINDOWS\system32\cbeeg.ini2
    2007-11-18 15:56 446,432 --ahs---- C:\WINDOWS\system32\cbeeg.ini
    2007-11-18 15:51 <DIR> d-------- C:\QUARANTINE
    2007-11-18 15:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-16 23:48 <DIR> d-------- C:\Documents and Settings\Nick Janssen\Application Data\Viewpoint
    2007-11-05 21:09 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-05 21:09 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-24 05:23 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\dvdcss
    2007-11-23 08:58 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\LimeWire
    2007-11-22 04:06 37,376 ----a-w C:\WINDOWS\system32\tuvvwww.dll
    2007-11-19 08:27 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\Ruckus Network
    2007-11-18 21:55 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
    2007-11-17 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-14 02:18 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2007-11-12 22:20 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\U3
    2007-10-28 23:15 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\Canon
    2007-10-23 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-12 21:32 --------- d-----w C:\Program Files\DivX
    2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\PxCpyI64.exe
    2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\PxInsI64.exe
    2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-01-10 18:15 839,694 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2007-01-10 18:15 290,818 ----a-w C:\WINDOWS\Fonts\Setup.exe
    2007-01-10 18:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2007-01-10 18:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-23_ 2.49.14.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2007-11-23 08:38:56 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-23 19:46:02 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-23 08:38:56 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-23 19:46:02 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2531C5D9-5C55-4ADE-8278-866154C69317}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D86BE440-E803-42E1-81AA-6776DC1C4BBD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
    2007-11-21 22:06 37376 --a------ C:\WINDOWS\system32\tuvvwww.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:21]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-01-19 08:14 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-01-19 08:14 C:\WINDOWS\system32\nvhotkey.dll]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 11:13]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 07:50]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 12:39]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-11 16:25]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-11 16:26]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 19:40]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]

    C:\Documents and Settings\Nick Janssen\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-11 16:03:12]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-03 17:21:33]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-03 17:23:26]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\tuvvwww.dll [2007-11-21 22:06 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvwww]
    tuvvwww.dll 2007-11-21 22:06 37376 C:\WINDOWS\system32\tuvvwww.dll

    R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
    R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
    R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
    R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791947fb-9a11-11dc-a285-00197d5bfe80}]
    \Shell\AutoRun\command - Installer.exe

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 16:37:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-24 16:38:21
    C:\ComboFix2.txt ... 2007-11-24 16:33
    C:\ComboFix3.txt ... 2007-11-23 16:52
    .
    --- E O F ---

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Run this free online Virus Scanner from Kaspersky. In the meantime I have to look over your logs.

    Now run this online scan using Internet Explorer:
    Kaspersky Online Scanner from Kaspersky Online Virus Scanner

    Next Click on Launch Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
    • Click OK
    • Now under select a target to scan: Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
    • Save the file to your desktop.
    Post the log along with a New HJT Log into your next reply.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    After you run Kaspersky and post the log, this is what we need to do. You may want to print it out and keep it handy, as there is a bit to do.

    For starters you have a password stealing trojan on your system and it looks like it's been on your system for quite a while. What I would suggest you do is, after this fix, go onto a known clean computer (not this one) and change all your passwords.


    Here we go.

    You need to disable the Tea Timer in Spybot Search and Destroy or it may prevent the fixes from taking.

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.



    Open HijackThis > Do a System Scan Only. Close your browser and all open windows including this one; the only program or window you should have open is HijackThis. Check the following entries and click on Fix Checked.

    O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
    O2 - BHO: (no name) - {2531C5D9-5C55-4ADE-8278-866154C69317} - (no file)
    O2 - BHO: (no name) - {D86BE440-E803-42E1-81AA-6776DC1C4BBD} - (no file)
    O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\tuvvwww.dll

    This one is the password stealer:
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

    O4 - HKCU\..\RunOnce: [SpybotDeletingB1632] command /c del "C:\WINDOWS\system32\ygnsmqal.dll_old"

    O20 - Winlogon Notify: tuvvwww - C:\WINDOWS\SYSTEM32\tuvvwww.dll






    Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad.

    File::
    C:\WINDOWS\system32\cbeeg.ini2
    C:\WINDOWS\system32\cbeeg.ini
    C:\WINDOWS\system32\tuvvwww.dll
    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\Fonts\svchost.exe
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.



    This is another free online scanner that will clean out all the entries that the password stealer created.

    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic




    Let me see the ComboFix log, the ESET log and a new HJT log, please.
    Last edited by ken545; 2007-11-25 at 01:00.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
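    As an added example (not part of this thread and not a feature of HijackThis or ComboFix), the Python script below encodes the two signs ken545 points to in the post above: a core process name such as svchost.exe started from a directory where Windows never keeps it (here C:\WINDOWS\Fonts), and one DLL (tuvvwww.dll) hooked from several load points at once. The sample lines are constructed from the HJT entries quoted in this thread; the core-process list and the trusted directories are assumptions of the example.

```python
import re
import ntpath
from collections import defaultdict

# Core Windows process names that malware likes to borrow. On this machine the
# "Host Process" Run entry starts svchost.exe from C:\WINDOWS\Fonts. (Assumed list.)
CORE_PROCESS_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe",
                      "winlogon.exe", "services.exe", "smss.exe"}
# Where those binaries legitimately live on Windows XP (assumed, lower-case).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")
# First module path in a command line, with or without surrounding quotes.
MODULE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|ocx|com|scr))', re.IGNORECASE)

# Constructed sample: a handful of entries copied from the HJT logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\tuvvwww.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: tuvvwww - C:\WINDOWS\SYSTEM32\tuvvwww.dll
""".strip().splitlines()


def extract_module(command):
    """Return the executable or DLL path an autostart command launches, or None."""
    m = MODULE_RE.match(command.strip())
    return m.group(1) if m else None


def is_masquerade(path):
    """True when a core process name is run from anywhere but its system directory."""
    directory, name = ntpath.split(path.lower())
    if name not in CORE_PROCESS_NAMES or not directory:
        return False  # bare names resolve through the search path; not judged here
    return directory not in TRUSTED_DIRS


def analyze_hjt(lines):
    """Scan HijackThis lines and return (kind, detail) findings in log order."""
    findings = []
    load_points = defaultdict(set)  # dll basename -> HJT sections it is hooked from

    for raw in lines:
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()

        if section == "O2":  # Browser Helper Objects
            bho = BHO_RE.match(body)
            if not bho:
                continue
            _name, clsid, path = bho.groups()
            if path == "(no file)":
                findings.append(("orphan_bho", clsid))  # dead entry left behind by a removal
            else:
                load_points[ntpath.basename(path.lower())].add(section)

        elif section == "O4":  # Run / RunOnce keys
            run = RUN_RE.match(body)
            if not run:
                continue
            hive, key, label, command = run.groups()
            module = extract_module(command)
            if module and is_masquerade(module):
                findings.append(("masquerade", f"{hive}\\{key} [{label}] -> {module}"))

        elif section == "O20":  # Winlogon Notify packages
            notify = NOTIFY_RE.match(body)
            if notify:
                path = notify.group(2).replace("(file missing)", "").strip()
                load_points[ntpath.basename(path.lower())].add(section)

    # One DLL registered as both a BHO and a Winlogon Notify package is the
    # Vundo/Virtumonde pattern seen with tuvvwww.dll in this thread.
    for dll, sections in sorted(load_points.items()):
        if len(sections) > 1:
            findings.append(("multi_hook", f"{dll} via {','.join(sorted(sections))}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze_hjt(SAMPLE_LOG):
        print(f"{kind:12} {detail}")
```

    Run it against a full saved HJT log by passing the file's lines to analyze_hjt; entries it flags still need a look by hand, since a legitimate Run entry with a quoted path and arguments is only ever judged by the module it launches.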

  7. #7
    Junior Member
    Join Date
    Nov 2007
    Posts
    13

    Default

    The Kaspersky and ESET logs were both about 10 posts long, so here is the ComboFix log and the HJT log.

    ComboFix 07-11-19.3 - Nick Janssen 2007-11-24 16:35:41.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1397 [GMT -6:00]
    Running from: C:\Documents and Settings\Nick Janssen\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-24 to 2007-11-24 )))))))))))))))))))))))))))))))
    .

    2007-11-24 03:21 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-23 23:33 <DIR> d-------- C:\WINDOWS\LastGood
    2007-11-23 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-23 01:32 <DIR> d-------- C:\VundoFix Backups
    2007-11-23 00:45 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-11-22 23:13 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-11-21 21:55 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-19 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-19 17:39 <DIR> d-------- C:\Program Files\Alwil Software
    2007-11-19 15:53 1,792,140 ---hs---- C:\WINDOWS\system32\mygmhoxd.ini
    2007-11-18 21:22 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
    2007-11-18 15:56 446,432 --ahs---- C:\WINDOWS\system32\cbeeg.ini2
    2007-11-18 15:56 446,432 --ahs---- C:\WINDOWS\system32\cbeeg.ini
    2007-11-18 15:51 <DIR> d-------- C:\QUARANTINE
    2007-11-18 15:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-16 23:48 <DIR> d-------- C:\Documents and Settings\Nick Janssen\Application Data\Viewpoint
    2007-11-05 21:09 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-05 21:09 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-24 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-24 05:23 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\dvdcss
    2007-11-23 08:58 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\LimeWire
    2007-11-22 04:06 37,376 ----a-w C:\WINDOWS\system32\tuvvwww.dll
    2007-11-19 08:27 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\Ruckus Network
    2007-11-18 21:55 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
    2007-11-17 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-14 02:18 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2007-11-12 22:20 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\U3
    2007-10-28 23:15 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\Canon
    2007-10-23 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-12 21:32 --------- d-----w C:\Program Files\DivX
    2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\PxCpyI64.exe
    2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\PxInsI64.exe
    2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
    2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-01-10 18:15 839,694 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2007-01-10 18:15 290,818 ----a-w C:\WINDOWS\Fonts\Setup.exe
    2007-01-10 18:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2007-01-10 18:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-23_ 2.49.14.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2007-11-23 08:38:56 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-23 19:46:02 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-23 08:38:56 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-23 19:46:02 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2531C5D9-5C55-4ADE-8278-866154C69317}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D86BE440-E803-42E1-81AA-6776DC1C4BBD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}]
    2007-11-21 22:06 37376 --a------ C:\WINDOWS\system32\tuvvwww.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:21]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-01-19 08:14 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-01-19 08:14 C:\WINDOWS\system32\nvhotkey.dll]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 11:13]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 07:50]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 12:39]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-11 16:25]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-11 16:26]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 19:40]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]

    C:\Documents and Settings\Nick Janssen\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-11 16:03:12]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-03 17:21:33]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-03 17:23:26]

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{ED203331-9C33-49D8-8714-D24A366A04EC}"= C:\WINDOWS\system32\tuvvwww.dll [2007-11-21 22:06 37376]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvwww]
    tuvvwww.dll 2007-11-21 22:06 37376 C:\WINDOWS\system32\tuvvwww.dll

    R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
    R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
    R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
    R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791947fb-9a11-11dc-a285-00197d5bfe80}]
    \Shell\AutoRun\command - Installer.exe

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 16:37:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-24 16:38:21
    C:\ComboFix2.txt ... 2007-11-24 16:33
    C:\ComboFix3.txt ... 2007-11-23 16:52
    .
    --- E O F ---

  8. #8
    Junior Member
    Join Date
    Nov 2007
    Posts
    13

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:28:56 PM, on 11/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: tuvvwww - tuvvwww.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11509 bytes

  9. #9
    Junior Member
    Join Date
    Nov 2007
    Posts
    13

    Default

Sorry, I think I posted the wrong ComboFix log. Here is the one I believe is correct.

    ComboFix 07-11-19.3 - Nick Janssen 2007-11-24 18:45:24.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1587 [GMT -6:00]
    Running from: C:\Documents and Settings\Nick Janssen\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Nick Janssen\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\cbeeg.ini
    C:\WINDOWS\system32\cbeeg.ini2
    C:\WINDOWS\system32\tuvvwww.dll
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\cbeeg.ini
    C:\WINDOWS\system32\cbeeg.ini2
    C:\WINDOWS\system32\tuvvwww.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
    .

    2007-11-24 03:21 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-23 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-23 01:32 <DIR> d-------- C:\VundoFix Backups
    2007-11-23 00:45 <DIR> d-------- C:\Program Files\SpywareBlaster
    2007-11-22 23:13 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-11-19 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-19 17:39 <DIR> d-------- C:\Program Files\Alwil Software
    2007-11-18 15:51 <DIR> d-------- C:\QUARANTINE
    2007-11-18 15:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-16 23:48 <DIR> d-------- C:\Documents and Settings\Nick Janssen\Application Data\Viewpoint
    2007-11-05 21:09 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-25 00:34 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\LimeWire
    2007-11-24 05:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-11-24 05:23 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\dvdcss
    2007-11-19 08:27 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\Ruckus Network
    2007-11-17 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-14 02:18 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2007-11-12 22:20 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\U3
    2007-10-28 23:15 --------- d-----w C:\Documents and Settings\Nick Janssen\Application Data\Canon
    2007-10-23 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-10-12 21:32 --------- d-----w C:\Program Files\DivX
    2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-23_ 2.49.14.81 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    - 2007-11-23 08:38:56 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-11-25 00:32:37 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-23 08:38:56 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-11-25 00:32:37 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:21]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 08:08]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-01-19 08:14 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2006-01-19 08:14 C:\WINDOWS\system32\nvhotkey.dll]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 11:13]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 13:13]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 04:20]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 15:15]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 07:50]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 12:39]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-11 16:25]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-11 16:26]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 19:40]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]

    C:\Documents and Settings\Nick Janssen\Start Menu\Programs\Startup\
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-09-11 16:03:12]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-03 17:21:33]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-03 17:23:26]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvwww]
    tuvvwww.dll

    R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
    R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
    R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
    R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{791947fb-9a11-11dc-a285-00197d5bfe80}]
    \Shell\AutoRun\command - Installer.exe

    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-24 18:51:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-24 18:52:51 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-24 16:38
    C:\ComboFix3.txt ... 2007-11-24 16:33
    .
    --- E O F ---

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello,
Not to worry about the two logs just now, but your ComboFix log is still showing the bad files. You may not have done it correctly, or I think you may have posted the older log. Go to C:\ComboFix.txt; you should have two of them. Right-click on each one, look at the date, and post the latest one.


    Remove this with HJT
    O20 - Winlogon Notify: tuvvwww - tuvvwww.dll (file missing)


    Download CCleaner from here to clean temp files from your computer.
    • Double click on the file to start the installation of the program.
    • Select your language and click OK, then next.
    • Read the license agreement and click I Agree.
    • Click next to use the default install location. Click Install then finish to complete installation.
    • Double click the CCleaner shortcut on the desktop to start the program.
    • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
    • Click on the "Options" icon at the left side of the window, then click on "Advanced" and deselect "Only delete files in Windows Temp folders older than 48 hours."
    • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
    • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
    • After CCleaner has completed its process, click Exit.


    *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!



    • Your Java is out of date and leaving your system vulnerable.
    • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
    • It should have an icon next to it: select it and click Remove.
    • Reboot your system.
    • Then go to the Sun Microsystems site and install the update
    • Java Runtime Environment Version 6 Update 3 <--This is what you need to download and install.
    • If you chose the online installation, it will prompt you to run the program.
    • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
    • Then after install you can verify your installation here Sun Java Verify
    I like to do the offline installation and save the setup file in case I may need it in the future.


    Post the most recent Combofix log and a new HJT log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
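The O20 line the expert asks to remove with HJT, and the matching key under winlogon\notify in the ComboFix "Reg Loading Points" block, are the mechanism by which this infection keeps coming back: a DLL registered as a Winlogon Notify package is loaded into winlogon.exe at every logon, so deleting the file on disk without removing the registry key leaves an orphaned entry that HijackThis reports as "(file missing)". The script below is an added example, not part of this thread and not code from HijackThis or ComboFix. It parses both log styles, flags O20 entries that are not on a small baseline of known-good Notify package names (that baseline is an assumption of this example; adjust it to your own clean reference machine), and cross-checks a ComboFix log to find Notify keys whose DLL ComboFix reported deleting but whose key is still present. The sample log lines are constructed for the example and mirror the entries posted above.

```python
"""Triage Winlogon Notify entries in HijackThis and ComboFix logs.

Added example, not part of the forum thread, HijackThis or ComboFix.
Sample inputs below are constructed; the 'tuvvwww' entry mirrors the
log posted in the thread.
"""
import re

WINLOGON_NOTIFY_KEY = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
)

# Baseline of Notify packages that ship with Windows XP plus the WGA
# notifier. ASSUMPTION for this example: compare against a known-clean
# machine before trusting it as your own baseline.
KNOWN_GOOD_NOTIFY = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WgaLogon",
})

# HijackThis line: "O20 - Winlogon Notify: <name> - <dll> [(file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# ComboFix "Reg Loading Points" header for a Notify subkey (case varies).
NOTIFY_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<name>[^\]]+)\]$",
    re.IGNORECASE,
)


def triage_o20(hjt_log):
    """Return one dict per O20 Winlogon Notify line, most suspicious first."""
    findings = []
    for raw in hjt_log.splitlines():
        m = O20_RE.match(raw.strip())
        if not m:
            continue
        name, dll = m.group("name"), m.group("dll").strip()
        missing = m.group("missing") is not None
        reasons = []
        if name not in KNOWN_GOOD_NOTIFY:
            reasons.append("handler name not in known-good baseline")
        if missing:
            reasons.append("DLL reported missing: orphaned key or hidden file")
        if "\\" not in dll:
            reasons.append("bare filename, resolved via DLL search path (system32)")
        findings.append({
            "name": name,
            "dll": dll,
            "file_missing": missing,
            "registry_key": WINLOGON_NOTIFY_KEY + "\\" + name,
            "reasons": reasons,
        })
    # Stable sort: entries with the most reasons come first.
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


def combofix_notify_entries(combofix_log):
    """Return (notify_entries, deleted_basenames) from a ComboFix log.

    notify_entries maps Notify subkey name -> DLL value under it;
    deleted_basenames holds lowercase file names listed under
    'Other Deletions'.
    """
    lines = [ln.strip() for ln in combofix_log.splitlines()]
    entries, deleted, in_deletions = {}, set(), False
    for i, line in enumerate(lines):
        if "Other Deletions" in line:
            in_deletions = True
            continue
        if "Reg Loading Points" in line:
            in_deletions = False
        if in_deletions and re.match(r"^[A-Za-z]:\\", line):
            deleted.add(line.rsplit("\\", 1)[-1].lower())
        m = NOTIFY_KEY_RE.match(line)
        if m and i + 1 < len(lines):
            entries[m.group("name")] = lines[i + 1]
    return entries, deleted


def orphaned_notify_keys(combofix_log):
    """Notify subkeys whose DLL ComboFix deleted but whose key still exists."""
    entries, deleted = combofix_notify_entries(combofix_log)
    return sorted(name for name, dll in entries.items()
                  if dll.rsplit("\\", 1)[-1].lower() in deleted)


# Constructed sample inputs for the example (not real captured logs).
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: tuvvwww - tuvvwww.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\tuvvwww.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvwww]
tuvvwww.dll
"""

if __name__ == "__main__":
    for f in triage_o20(SAMPLE_HJT):
        print(f["name"], f["registry_key"], f["reasons"])
    print("orphaned notify keys:", orphaned_notify_keys(SAMPLE_COMBOFIX))
```

Run against a real log, the first entry printed is the one to remove with HJT (the fix deletes the listed registry key), and the orphaned-key list tells you which Notify entries survived a file-only cleanup, which is exactly the state the thread's ComboFix log shows: tuvvwww.dll under "Other Deletions" while its winlogon\notify key is still listed.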
